State information in a stateless environment

ABSTRACT

A computer-implemented method for maintaining state in a stateless environment includes saving on a computing device an image of one or more document object models for one or more web pages. The image includes information that has changed in response to user interaction with the one or more pages after the one or more web pages have been loaded by the computing device. The method additionally includes shutting down the web pages on the computing device, receiving a request to redisplay the web pages on the computing device, accessing the image, and using data in the image to reconstruct the one or more web pages, including with the information that had changed in response to user interaction with the one or more pages.

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional PatentApplication Ser. No. 61/415,243 filed 18 Nov. 2010, the disclosure ofwhich is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

This document relates to systems and techniques for interacting withusers of a computer operating system.

BACKGROUND

The core structures by which a computer (e.g., a desktop PC, laptop,netbook, or smart phone) operates may include a basic input and outputsystem, or BIOS, an operating system, and other components that may bereferred to as occupying a “stack” of software that provides basicfunctionality for operating a computer. The BIOS may be accessed when acomputer is first turned on and booted, and can provide basicfunctionality for the computer, such as identifying, testing, andinitializing system devices, including storage devices that store codethat is further needed to boot the computer. The code for the operatingsystem can be stored on such an additional device, and can provide forfurther booting of the computer until it is fully booted and ready tooperate.

An operating system generally serves as an interface between thecomputer hardware and a user of the computer. An operating system mayprovide a variety of functions. For example, the operating system canprovide a graphical user interface (GUI) by which a user of the computermay receive output from the computer and may provide input to thecomputer. The operating system may also provide a platform on whichvarious third-party applications execute, where the operating systemprovides services that are needed by the applications, and also providesthe mechanism by which the applications can communicate with otherresources, such as other applications, peripheral devices (e.g.,printers, cameras, etc.), and with services provided by the operatingsystem itself.

SUMMARY

This document describes systems and techniques that may be implementedas part of an operating system for a computing device, or in a systemthat includes a number of different computing devices. For example,various mechanisms may be used to synchronize a computing device withdata stored in a cloud-based system, whereby a hosted computer serversystem is made available for members of the public to access the system,and the system in turn provides various services such as data storageand back-up, document storage, e-mail routing and handling, and otheruseful services. The computing device may be of a form that hasrelatively little local storage, and that thus stores a user's data atthe hosted server system. In addition, the device may be configured sothat it is essentially constantly connected to a network (e.g., awireless network) and via the network to the internet. As a result,various components on the device may be arranged to operate according toa nearly always-on approach.

In techniques described in particular detail below, an applicationrunning an environment that is typically stateless, such as a webbrowser displaying a web page having a form or other such content, cansave state information about displayed web pages, such as after a usershuts down the browser application while interacting with a web page(e.g., partially filling out a form). Generally, web page stateinformation is saved in cookies under control of code sent by serversthat want to maintain their own cookies in order to, e.g., recognize adevice when it returns to a web site so as to provide a personalizedgreeting to a user of the device. As described below, a device may storestate information, including independent of cookies and requests fromremote server systems. For example, as a user interacts with a web page,a document object model (DOM) or other information corresponding to theweb page may change. A device may capture such information about thechanges, such as when a user shuts down a web browser, and the systemrecognizes that one or more displayed pages have been manipulated by theuser since they were rendered (e.g., the user entered text into afillable form on the page). The device may then save the informationthat reflects the changes and a pointer or other information thatidentifies the page (e.g., the URL or a truncated form of the URL thateliminates certain parameters). When one of the web pages whose changeddata is saved in this manner is next displayed, such as by beingautomatically displayed the next time the browser is launched, or by auser navigating to the web page, the system can recognize that it hassaved state information for the page (each time a user visits a page,the system can check a list of URLs for pages that have stateinformation saved for them). The system can then provide the data intothe URL in the locations at which it was gathered, or may add it to there-rendered web page in another appropriate manner.

In one implementation, a computer-implemented method for maintainingstate in a stateless environment is disclosed. The method comprisessaving on a computing device an image of one or more document objectmodels (DOMs) for one or more web pages, the image including informationthat has changed in response to user interaction with the one or morepages after the one or more web pages have been loaded by the computingdevice; shutting down the web pages on the computing device; receiving arequest to redisplay the web pages on the computing device; accessingthe image; and using data in the image to reconstruct the one or moreweb pages, including with the information that had changed in responseto user interaction with the one or more pages. An image of each of theone or more web pages can be stored as a DOM for a page in addition tochange data for the page. Also, the method can include identifyingchange data for the page by analyzing scripting code that is called fromthe page. In some aspects, each of a plurality of web pages is part of acompute process that is separate from each of the other of the pluralityof web pages. Also, using data in the image to reconstruct the one ormore web pages can comprise loading the one or more web pages using thestored DOMs for the one or more web pages, and then applying data thatreflects the information that had changed.

In some aspects, the method further comprises, for each of the one ormore web pages, checking a stored DOM against a current DOM at a URLthat corresponds to the particular web page, and generating a warning ifthe stored DOM does not match the current DOM. Moreover, the method caninclude applying to the current DOM the data that reflects theinformation that had changed.

In another implementation, a computer-implemented system for maintainingstate in a stateless environment is disclosed. The system comprises aweb browser to interpret mark-up code and display web pages thatcorrespond to the mark up code; a web page saving application programmedto execute on a processor of the computing device to save DOMs for thedisplayed web pages along with data that reflects information that haschanged on the web pages in response to user interaction with the webpages after the web pages have been loaded by the computing device; anda data store that stores an image that defines the DOMs and the datathat reflects information that has changed on the web pages. The imageof each of the one or more web pages can be stored as a DOM for a pagein addition to change data for the page. Also, the web page savingapplication can be programmed to reconstruct the web pages by loadingthe saved image, or to save DOMs for the displayed web pages along withdata that reflects information that has changed on the web pages, byidentifying change data for a particular page by analyzing scriptingcode that is called from the particular page.

In certain implementations, the web browser is programmed to executeeach of the web pages in a compute process that is separate from computeprocesses for each of the other of the web pages. The web page savingapplication can also use data in the image to reconstruct the one ormore web pages by loading the one or more pages using the stored DOMsfor the one or more web pages, and then applying data that reflects theinformation that had changed. Alternatively or in addition, the web pagesaving application can be programmed to check a particular stored DOMagainst a current DOM at a URL that corresponds to a web page, and togenerate a warning if the particular stored DOM does not match thecurrent DOM. And the web page saving application can also be programmedto apply to the current DOM the data that reflects the information thathad changed.

In yet another implementation, a computer-implemented system formaintaining state in a stateless environment comprises a web browser tointerpret mark up code and display web pages that correspond to the markup code; a data store that stores an image that defines DOMs of the webpages and data that reflects information that has changed on the webpages in response to user interaction with the web pages after the webpages have been loaded by the computing device; and means forreconstructing the web pages using the image.

The details of one or more embodiments are set forth in the accompanyingdrawings and the description below. Other features and advantages willbe apparent from the description and drawings, and from the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 is a conceptual diagram of a process for providing delayedlocking of a computing device.

FIG. 2 is a conceptual diagram of a operating system that usescontextual objects.

FIG. 3 is a conceptual diagram of a system for maintaining memorycontrol on a computing device.

FIG. 4 is a conceptual diagram of a system that provides thread affinitywith message passing between computer processes.

FIG. 5 is a conceptual diagram of a system that provides stateinformation in a stateless environment.

FIG. 6 is a conceptual diagram of a system that provides imaging for acomputing device across a network.

FIG. 7 is a conceptual diagram of a system that provides for remotemonitoring and control of a computing device.

FIG. 8 is a conceptual diagram of a system for providing caching on acomputing device of data that is stored centrally on a hosted computersystem.

FIG. 9 is a flow chart of a process for providing delayed locking of acomputing device.

FIG. 10 is a flow chart of a process for managing contextual objects inan operating system.

FIG. 11 is a flow chart of a process for maintaining memory control on acomputing device.

FIG. 12 is a flow chart of a process for providing thread affinity withmessage passing between computer processes.

FIG. 13 is a flow chart of a process for providing state information ina stateless environment.

FIG. 14 is a flow chart of a process that provides imaging for acomputing device across a network.

FIG. 15 is a flow chart of a process for providing remote monitoring andcontrol of a computing device.

FIG. 16 is a flow chart of a process for providing caching on acomputing device of data that is stored centrally on a hosted computersystem.

FIG. 17 shows an example of a computer device and a mobile computerdevice that can be used to implement the techniques described here.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

This document describes systems and techniques for providing interactionwith a user of a computing device, such as a mobile smart phone, using,for example, elements of an operating system that runs on the device.The system and techniques may provide various operating systemcomponents that may communicate with, and be served from, one or morehosted server systems. In particular, the operating system may bedesigned so that it is run with an internet connection most of the timeit is executing. As a result, many of the operations performed by theoperating system may be designed to assume that a network connection isavailable, and to rely on caching techniques or other bridgingapproaches until a network connection can be restore. In particular, thedevices described here may have nearly always-connected wireless datainterfaces that communicate with data portions of one or more cellulartelephone networks to reach the internet.

In the techniques described in particular detail below, a device mayitself save state data for web pages or other environments that do nottypically save state data. Such data may be saved as changes that a userhas made in interacting with web pages that have been displayed by abrowser of the device, such as text that a user has entered into forms.If the browser is closed or crashes, the state data, which may beidentified from a DOM for a web page (or DOMs for multiple pages whensuch multiple pages are open on the device) can be saved in persistentstorage on the device, along with an identifier for the page to whichthey belong.

Each time a page is loaded by the browser, a list of URL's or otheridentifiers for the stored state information may be checked, and thestate information may be added to the DOM of the newly rendered page(which main page data may have been obtained from the server that hoststhe page, and then may have been supplemented by the saved state data inthe DOM). In this manner, a device may save state data for various webpages, so as to save a user the need to enter data more than once, topick up with a user where the user left off (and without the need for aserver system to use a cookie or similar item to do so), and tootherwise make a user's experience with a system more seamless andenjoyable. The document now describes other implementations that may becombined with the state saving techniques described above, and addressessuch techniques more particularly below with respect to FIGS. 5 and 13below.

Referring now to FIG. 1, there is shown a conceptual diagram of a systemfor providing delayed locking of a computing device. In general, thesystem provides a mechanism for allowing the user of a portablecomputing device to take actions to shut down the portable computingdevice, though without immediately shutting down the device. As aresult, if the user changes his or her mind soon after taking suchactions, the user may re-activate the device without having to takeother steps that, but for this feature, would have otherwise beenrequired if the device were to shut down immediately upon the usertaking such actions.

In the figure, three different states of a portable computing device, inthis case a laptop computer having a clamshell design, are shown. In afirst stage 102, the computer is open and operating, and the time is 12o'clock noon. A display 108 on the computer indicates that a lock timerhas been set to 10 seconds. The display 108 is provided by way ofexample here, though in actual usage, the device would not display theamount left on the timer, and the timer would not have begun operatingat the point shown by state 102.

At state 104, after five seconds, the display is closed to the base ofthe computer—an action that would normally cause the computer to beginimmediately going into a hibernate or other form of inactive mode. Suchchange would include powering down a microprocessor on the computer,turning off the display 108, turning off a cooling fan and otherassociated mechanisms, powering down a graphical processing unit (GPU),and performance of other power saving techniques on the device. Althoughnot shown by the state 104, the device has not fully powered down orbegun the power down when it has been closed for only a few seconds,because in this example, the device has a built-in delay of 10 secondsbefore it will even begin a shut-down sequence (and there may even besome indeterminate time after that sequence starts until the devicepasses the point that it can be reactivated without substantial userinvolvement such as entering an unlocking password). Instead, a limitednumber of features may be powered down, such as by switching off thedisplay 108, so as to give the user the impression that the device ispowering down. But re-activating the device may not, at this point,require anything more than opening the device again.

After 14 seconds and 9 seconds after closing the device, at state 106,the device is opened up, for example, because the user of the devicedecided that they did not want to stop using the device, and insteadneeded to perform additional work using the device. Because the timerwas set to expire after 10 seconds, the device has not yet transitionedinto its hibernating or other powered down state. Instead, all systemson the device that take a substantial amount of time to power back uphave stayed powered up, and only limited systems have been powered down,such as the display 108. Also in this example, the timer has been resetto 10 seconds again, so that if the user closes the device again, itwill not begin going into a hibernate or other inactive mode for 10seconds after the closing. In certain embodiments also, the device mayimmediate go to sleep in response to one input and not to another. Forexample, entry of a control key combination may cause the device to goto sleep immediately, and entry of such a combination may be assumed tobe more intentional by a user. In contrast, closing of a clamshelldevice may implement a predetermined delay, as such action may be morelikely to be intended as a temporary action (e.g., as a user moves thedevice from one place to the next).

The particular delay time for beginning a process of powering down adevice may be set by a user of the device. For example, if the user doesnot want to maximize battery savings, and frequently closes theircomputer and then immediately or soon after determines that they wouldlike to begin working on their computer again, the user may set arelatively long period for the timer to count down before the devicebegins to power down its various systems to go into a sleeping orhibernate mode.

While the device here is shown as having a clamshell arrangement, whichwould include a switch near the hinge of the computer, so that theswitch may be depressed when the clamshell is close and they computermay determine to go into a power down mode, other implementations mayalso be used. For example, a flat touchscreen tablet or slate computermay allow a user to power it down by pressing a power button on a frontsurface, back surface, or peripheral edge of the device. Such an actionmay cause a display on the device to turn off immediately so as to givea user the impression that the device is fully powering down. However,other subsystems on the device, such as a microprocessor, memorycontrollers, graphical processing unit, and other such subsystems maystay on for the duration of a timeout delay, as discussed above.

Apart from powering down systems, the timer may be used to delay theonset of a security apparatus being reset on a computing device likethat shown. For example, certain computing devices may be arranged sothat, when they are placed into a sleep mode or other inactive mode, apassword or other security mechanism will be required by a user to bringthe device back into fully active mode. Without the timer discussedhere, a user may be forced to reenter their password if they close theirdevice or otherwise inactivate it, and then quickly remember that theyneed to use the device again. With a timer, such as the timerimplementation discussed here, the user may press a button or open theirdevice quickly after they have done something to inactivate it and theymay have a homepage or desktop for the device displayed nearlyimmediately to them, without a need for them to reenter their passwordor other credentialing information to unlock the device. In short,transition from an unlocked state to a locked state on the device may beintentionally delayed a determined, and user selectable time period.

In this manner, the systems and methods described here can provide for amore convenient user experience with a computing device. The device maydelay its powering down slightly after the user has indicated a commandto power down, and such delay may be used to allow the device to powerup quickly if the user changes his or her mind quickly. At the sametime, the power down delay may be relatively short, so that no excessbattery power is used up for the device.

FIG. 2 is a conceptual diagram of an operating system that usescontextual objects. In general, a contextual object is an operatingsystem object that has stored with it, or for it, information about acontext in which the object has previously existed in the operatingsystem, including by describing other objects that have been present andactive in the operating system when the first object has been createdand or active in the operating system.

In the figure, a computer 202 is shown in the form of a basic clamshelllaptop computer, though the computer 202 may take other forms, such as asmart phone, touch-screen tablet, or slate device. A number of visualrepresentations of objects are shown on the screen of the computer 202,and include icons and representations of applications loaded on thecomputer 202. For example, an icon 208 represents a particular wordprocessing document that is accessible from the computer 202, such as bybeing stored on persistent storage on the computer 202, or at a serversystem that is accessible from computer 202. For example, computer 202may store a cookie or other mechanism by which it may identify itself toa server system to indicate an account with the server system registeredto a user of the computer 202. Such mechanisms may be used by computer202 in order to obtain information from the server system, such as toobtain data that represents the document of icon 208. A user may thencall up the document by selecting the icon.

A widget or gadget 212 is represented by a clock on the display ofcomputer 202, and indicates a type of object that may also be displayedon the computer 202. The widget or gadget 212 may take a variety offamiliar forms and may be provided as code from third parties who draftapplications to supplement functionality that is otherwise available onan operating system loaded on device 202. News feed 214 represents anactive application that is running on device 202, in the form of a newsaggregator that shows recent current event updates to a user of computer202.

Icon 204 represents an object in the form of a persistent search to beperformed by computer 202. A persistent search is a search that isrepeated automatically by a device such as computer 202. For example, auser who is planning a vacation to Europe may establish a persistentsearch of airline flights to Europe, so that the user may immediately benotified if a flight becomes available at a certain price.

A pair of boxes 206, 210 indicate contextual data that may be saved inAssociation with one of objects 208 and 204. For example, box 210indicates contextual information for a document or word processingdocument such as document 208. Various fields are shown in the box 210to indicate the type of contextual information that may be saved withthe object. For example, the object includes a name that describes thetype of object that it is, and an identification number that uniquelyidentifies the object with respect to all other objects stored on thecomputer 202.

The box 210 also shows a time at which the object was initially created,and a list of objects that were also open on the computer 202 when theobject 208 was created. In addition, the box 210 includes a list ofother objects that were open the last time the object 208 was used. Inthis example, a user was reviewing the website www.test.com both whenthe word processing object 208 was created and the last time it wasused. Also, when the word processing document was created, thepersistent search object 204 was active on the computer 202. Such aconcurrence may indicate that the document was created by the user tocontain information generated by the persistent search. A furtherstronger inference in that regard may be formed, for example, if theuser copied the information to a clipboard from the persistent searchresults, created the document, and then pasted the search results orother copied data into the document. Such information may also be storedin association with the object 208, as shown in box 210 (e.g., bydetermining when the document is last saved, what information in thedocument is shared by other applications that are open at the time, thusindicating that content was copied between the document and the object).

The box 210 also shows objects that the document object 208 hasinteracted with. In this example, the document 208 has interacted withan application web printer, which may indicate that the document 208 hasbeen printed out on that printer. Particular direct interactions betweenobjects may be stored, because they may provide an indication ofespecially strong connections between the object and other objects. Suchconnections may be used to identify a user who is an intended user of anobject in particular situations.

Box 206 indicates contextual information that has been stored inassociated with object 204. Again, the object's named includes a uniqueidentification number, along with a time at which the object wascreated. As indicated in box 206, four different other objects wereactive when the persistent search object 204 was created. Those otherobjects include a word processing document, a spreadsheet document, andtwo different webpages that were being viewed on the computer 202 whenthe persistent search object was created. Also, box 206 indicates thatthe persistent search object has interacted with a mapping applicationand a contacts application on the computer 202. Also, an access logindicates the times at which the object has been accessed by a user andmay also include information indicating what the user did with theobject.

Using the information shown here, a variety of services may be providedto a user with computer 202. For example, when object 208 is nextlaunched on the computer 202, the computer 202 may look at theinformation box 210 (actually to data stored on the computer 202 oranother device, though box 210 represents such data in this figure) todetermine that a user of the device 202 frequently has had thewww.test.com webpage opened in a browser when the particular documenthas also been open for word processing. Such a determination may be usedin appropriate circumstances to automatically launch the browser withthat webpage active in the browser, when the document is opened. In sucha manner, the user may cause multiple inferentially-related applicationsto be activated by selecting only one icon for one of the applications.

FIG. 3 is a conceptual diagram of a system 300 for maintaining memorycontrol on a computing device 305. The illustrative system 300 mayinclude an operating system 330 that controls the execution of softwareapplications 310 on the device 305. In one implementation, the device105 may be a cellular telephone, netbook, or tablet, containing anoperating system 330 capable of executing several software applicationssimultaneously. In alternative implementations, the computing device 305may be a laptop, personal computer, personal digital assistant, or otherappropriate computing device.

In one implementation in which the device 305 is a telephone, afterturning on the telephone, the telephone's operating system 330 may beloaded from persistent memory 320 and may present to the user agraphical user interface containing a predetermined display of icons.Each icon can be either an application or a proxy for an applicationthat is available to the user; when selected, a chosen icon may, ifnecessary, pass the associated application's parameters and filelocation in memory to the operating system 330, which, in turn, canexecute the application 310. Each executed application uses a segment ofthe telephone's persistent memory 320; as an application continues torun, its memory requirements may increase. As the user executes moreapplications 310, or the running applications 310 consume additionalmemory, the telephone's memory 320 may eventually become inadequate toaccommodate the memory demands of the applications 310.

In an exemplary implementation, the memory management system 300 mayrespond to memory shortages by terminating one or more applications 310when persistent memory 320 has been exhausted and reviving theterminated application when the user returns to the application. Incertain implementations, because the terminated application window maybe either fully or partially obscured by another application window, theuser may not be aware that the application has been terminated. When auser chooses to switch back to the application, the application may bere-launched and the user may not know that the application wastemporarily terminated aside from perhaps a sluggish response indisplaying the application.

In an illustrative implementation, the operating system 330 can rank theapplications 310 according to a user's interactions with the graphicaluser interface, and each application 310 may generate and saveinformation regarding its current state in response to a signal from theoperating system. The applications may save such state informationthemselves or may provide the information to the operating system 330,which may in turn save the information to persistent storage (e.g.,flash memory).

If memory 320 is exhausted, the operating system 330 may terminate oneor more ranked applications 310 and later recreate the terminatedapplications in response to a user request. For example, once theoperating system 330 has loaded, the user may select a document viewingapplication to read a stored document. Subsequently, while the documentviewer is still running, the user may open a web browser and beginsurfing the Internet. In the midst of the web browsing session, theuser, in response to a notification that an email has arrived, mayselect the telephone's email application to review the new email. As theuser is reading the email, the user may attempt to run a calendarapplication to create a reminder for an event mentioned in the email.

In an exemplary implementation, as the user opens new applications, theoperating system 330 may rank the applications 310 according to one ormore dynamic criteria. Here, the operating system 330 might rank therunning applications 310, in descending order of importance, in thefollowing manner: email application, web browser, and document viewer.Such ordering may occur in various ways. For example, the applicationsmay be separated into various categories, such as necessary businessapplications, entertainment applications, etc. In some implementations,the operating system 330 may recognize that a particular applicationlays dormant when it is in the background, so it may classify thatapplication as low priority. But another application may be constantlyaccessing information over a network (e.g., a messaging program) and maythus be ranked as a higher priority application. In someimplementations, applications are divided into two categories: visibleand invisible applications. Invisible applications (i.e., thoseapplications whose windows are not visible to the user) are ranked lowerthan visible applications. In an alternative implementation, thedevelopers of the applications may self-classify the applications or theuser may classify or otherwise rank the applications, and suchclassifications or rankings may be provided to the operating system 330.

As the user interacts with the applications 310, each application maygenerate and save information regarding the current state of theapplication. For example, when an application enters a state where itcould be killed by the operating system 330 at any time (e.g., theapplication is no longer visible to the user) the operating system 330may instruct the application to save its current state.

Returning to the illustrative example, because the telephone's memory320 might be insufficient to run all four applications at once, theoperating system 330 may choose to terminate the lowest rankedapplication (in this example, the document viewer) as it opens thecalendar application because it has run out of memory. In an alternativeimplementation, the operating system 330 may predict a pending memoryshortage and terminate one or more applications to prevent memory fromrunning out. For example, if the amount of memory currently availabledrops below a predetermined threshold, the operating system may kill lowranking applications to bring the amount of currently available memoryabove the threshold. In an alternative implementation, the operatingsystem 330 may compare upcoming memory requests by applications 310 withthe amount of memory currently available; if the amount requestedexceeds the amount currently available, the operating system may killone or more applications.

In such a situation, the operating system 330 may identify the lowestranked application or applications and terminate them temporarily. Theoperating system 330 may also set a flag as an indication ofapplications that may need to be re-launched automatically at a latertime, e.g., when memory frees up,

Selection of an application to kill may occur by other techniques. Forinstance, the operating system 330 may determine the amount of memorythat is needed by a particular application and then identify otheroperating applications that can free up that amount of memory plus acertain safety zone of overhead memory. As one example, an applicationmight require 3000K of extra memory and three other applications mighteach be capable of freeing up 2000K, 3000K, and 35000K of memory,respectively. The operating system 330 may determine that the least“damage” to memory, or the best use of available memory, may beaccomplished by killing the first two programs because they most closelyapproximate the amount of memory that is needed. Alternatively, theoperating system may be programmed to prefer killing as few applicationsas possible. In such a situation, the third application in the examplewould be killed.

Once the user has finished using the calendar application, the user maychoose to return to the document viewing application. When the operatingsystem 330 detects an attempt by the user to return to the documentviewing application, which has been killed temporarily, the operatingsystem 330 may recreate the application using the saved stateinformation.

To do so, the operating system 330 may first sense a command to accessthe document viewing application, and may note from the stored flag thatsuch application was active but has been killed temporarily. Theoperating system 330 may then launch the application and pass the savedstate information to the application so that the application may berecreated in the form it was in, or substantially the form it was in,when it was temporarily killed. Alternatively, the application may havestored its own state information in cooperation with the operatingsystem, and may itself access and implement such information.

FIG. 4 is a conceptual diagram of a system that provides thread affinitywith message passing between computer processes. In general, the systemshows a pair of processes that are executing on a computing device andare communicating with each other to pass information between theprocesses. For example, one process may pass a message to the secondprocess along with information on how the second process is to respondor react to the message, and the second process may provide aconfirmation to the first process once it has responded or reacted tothe message. Referring more specifically to FIG. 4, the system 400includes a first process 402 and a second process 404. Both of theprocesses 402, 404 may be executing simultaneously or substantiallysimultaneously in a time-wise overlapping manner on a single computingdevice.

The first process 402 may be, for example, a document management programthat displays one or more documents 412. The document management programmay be, for example, a word processing application or a Web app thatimplements a word processing application in a Web browser. In certaininstances, the Web browser may be part of an operating system, whereinthe Web browser is the only native application for the operating system,and all other applications operate as Web apps inside the Web browser.

The second process 404, shows the execution of a mapping application414. For example, a different Web app running in a system may access aserver-based mapping service and may provide information in generallyknown manners for display of a geographical location using graphicaltiles of a mapped geography. For example, a location of a user of adevice that is executing the processes 402, 404 may be indicated on amap using a pin or other icons. The separate processes 402, 404 may alsobe represented on a device as separate tabs at a single Web browser,where the processes are sandboxed from one another, including byimplementations that generally prevent communications between differentdomains from occurring within a Web browser.

A set of arrows passing between the processes 402, 404 indicatesmessages and information that may be communicated from one of theprocesses to another, and vice versa. For example, a message 406 may beinitially sent from process 402 to process 404. For example, the messagemay indicate information that would cause a display for process 404 tochange. In this example, for instance, the message 406 may include alatitude and longitude or address description that may be used to causea different area of the map displayed in the mapping application 414 tobe shown.

In addition, the process 402 may pass to process 404 information aboutthe manner in which a command or commands that relate to the message 406are to be carried out by the process 404. In this example, theinformation is in the form of a priority command 408. The prioritycommand 408 may notify the process 404 regarding the priority that itshould give to its execution relating to the message 406. For example,if process 402 is not a time-sensitive form of process, the prioritycommand 408 may indicate that a response to message 406 is not to betreated as a high priority by process 404.

The message 406 and priority command 408 may be passed to process 404separately or together, and directly or indirectly, depending on theparticular circumstances. For example, when the message 406 and prioritycommand 408 are passed together in a single larger message, the process404 may parse the larger message to identify the message portion of themessage, and the priority command that is embedded within the message.In other examples, additional information may be included with themessage 406, and may be identified and processed as is appropriate forthe manner in which the process 402 and the process 404 are programmedto operate and interoperate. Interoperability of the process 402 and theprocess 404 may be maintained by the two processes adhering to anapplication programming interface (API) or other similar standard forformatting communications between the processes.

In certain implementations, the process 404 may pass a message back tothe processor 402. One such message is a confirmation 410 that indicatesto the process 402 that the process 404 has fully acted on the message406. In certain implementations, the confirmation 410 may occur simplyby the process 404 providing information back to process 402 in responseto receiving the message 406. In this particular example, suchinformation may include an image of a mapped area determined by theapplication 404, that may be automatically integrated into the document412 that is being managed by process 402.

In this manner, inter-process communication may be enhanced by allowingone process to communicate additional information to another process,including when the processes are part of separate windows or tabs thatrun in a sandboxed environment in a Web browser application. Suchcommunication may allow a first process to control the manner in whichanother process executes certain code, including the priority to whichthe second process gives the execution of the code. As a result, tighterinteroperability between processes may be provided while stillmaintaining high levels of security that prevent one of the processesfrom illicitly controlling or affecting one of the other processes.

FIG. 5 is a conceptual diagram of a system that provides stateinformation in a stateless environment. In general, the system 500 usesa server system 502 to save up-to-date state information about the stateof browser applications on various devices that are logged into serversystem 502 on behalf of a particular user of the server system 502. Forexample, where a browser is the only native application of an operatingsystem on a device, such as computing device 504, the state informationmay be continually uploaded to, and updated in, the server system 502.As an alternative to providing the state information for storage at aserver system 502, particular ones of the devices may save the stateinformation locally in their own persistent storage. In such a manner,if the user turns off computing device 504 or otherwise moves to anothercomputing device and logs into the server system 502 from the othercomputing device, the state information for the browser application maybe replicated to the application running on that other device (orrunning on a browser that is shut down and then reopened on the samedevice), where that application may also run in an operating system inwhich the Web browser application is the only native application, andall other applications are web apps that run within the browserapplication. Also, if a user closes a session on one device and laterstarts up the same device, the techniques discussed here can reestablishthe session using state data that is stored at a server system ratherthan on the device itself. As a result, the system may operate withoutrequiring excess memory for storing such information on the device, andthe state information may be more easily shared between devices.

The system 500 in this example includes a computing device 504 thatcommunicates through a network 506, such as the Internet and relatedconnected networks, with the server system 502. The server system 502may be housed as part of a larger data center in a system that providesvarious Web services to users of the system 500. For example, the serversystem 502 may include one or more Web servers that may provide HTMLcode for generating documents for display on the computing device 504.

The computing device 504 includes a number of particular components thatallow state information for the browser application, which wouldnormally be a stateless application, to be stored so that a state of thecomputing device 504 (or more particularly, the state of one or more webpages displayed in a browser on the computing device 504) may bereplicated at a later time on the device 504 or on another device. Forexample, if the user puts device 504 into a sleep mode or turns offdevice 504, the most current state of the device 504 may have alreadybeen saved to server system 502 (e.g., when the user performed his orher last action with a web browser) or may be uploaded to server system502 before the operating system allows the device 504 to go into a sleepmode fully. The state information may have been previously stored at theserver system 502, for example, if the device 504 is programmed toupload an indicator of a change in state information every time there isa change in state information on the device 504, or every time there isa change of state information of a particular type (e.g., for everykeystroke or mouse click, but not simply for movement of a pointer onthe device 504 display). The state information may include documentobject models (DOMs) for pages currently displayed on the device 504 inaddition to other relevant information needed to recreate the state ofthe device.

Referring now to particular components that may be implemented in device504, a browser application 510 is shown and may be an only applicationthat executes natively on the device 504. Separately, HTML 508 may bestored on the device 504 so that it may be rendered by the browserapplication 510. The HTML 508 may take a variety of forms and may berepresented in one or more examples as a document object model (DOM)tree. Also, the device 504 may store and implement JavaScript 512 andJavaScript variables 514. For example, when the HTML 508 is rendered,the HTML may include pointers or calls to various JavaScript programsthat will run on the device 504. Those programs, when executing, mayretrieve or generate variables or other information needed in theoperation of the programs.

Also, a user interface 516 may be stored on the device and may representvarious parameters, including a current representation of what isdisplayed on a visual display or screen of the device 504. For example,the user interface 516 may store information about what tabs of thebrowser are open at a particular time, and/or whether a different typeof application supported by the operating system such as a floating panedisplayed over the top of the browser, as a particular state, and otherappropriate information that may be used to describe the current stateof the display on the device 504, and may be further used to reconstructa display that matches the current displayed information on device 504.

A webpage saving application 518 may also be implemented on the device504, and may track a current state of the browser 510 and otherbrowsers, or other programs executing on the device 504. For example,the webpage saving application 518 may intercept calls to, or from,particular components on the device 504 to determine changes that havebeen made with respect to content represented by the browser 510 or toother information. The webpage saving application 518 may then cause acommunication to be generated by device 504 and directed to serversystem 502 to indicate a change that has been made in a current state ofthe browser 510. For example, the device 504 may provide to the serversystem 502 information indicating that a browser tab has been opened,and also providing a URL for that tab. Alternatively, the web pagesaving application 518 may save to storage on the device 504 itselfinformation that represents changes that have been made to web pagesafter they have been rendered on the device 504.

The webpage saving application 518 and other components on the device504 may also have access to a data store of images 520. In certainaspects, the images 520 are simply operating system level images, suchas images for general icons and other basic information that is neededto run the device 504 and to recreate the state of the device 504. Theimages may also be images on webpages or images used by Web apps on thedevice 504, and may be stored on behalf of webpage saving application518 for later access in or by the application 518. The storage, incertain implementations, may also include saved state-relatedinformation that represents the current state of web pages displayed onthe device 504, along with changes made to the pages after they havebeen served (e.g., entry of text by a user).

Using the system 500 described here in one example, the current state ofthe user's device may be captured and uploaded to a server system 502.Such capture may occur automatically, repeatedly, and frequently. Forexample, the state may be checked every time a user hits a key or clicksa mouse input, every 1, 2, 3, 4, or 5 second, or according to othersimilar frequent mechanisms. The user may then move to another computingdevice, such as by moving from a home computer to a network computer,and when the user has booted up the other device and perhaps providedcredentials to identify themselves to the server system 502 (eithermanually or via a saved cookie on the other device), may have the fullstate of device 504 replicated at the work computer or other suchdevice. Similarly the state may be reflected and recreated using thesame techniques if the user suddenly closes a browser and then laterinstantiates it again.

As a result, the user may switch from one setting to another or may comeback to a place he or she left more conveniently and may be able to useapplications on the device 504 more efficiently. For example, if a usersets up applications or Web apps that are executing in the browser 510on the user's behalf, the user may want to keep those Web apps runningat a later time or at another device. For example, a user may prefer tohave an email Web app, a document editing app, a mapping app, and ageneral web browsing window open at all times, and the state replicatingtechniques can allow the user to do that without having to manuallyrecreate the state whenever the user moves from one machine to another.

FIG. 6 is a conceptual diagram of a system 600 that provides imaging fora computing device across a network (where an image here is a systemimage rather than a graphical image such as a photograph). In general,the system 600 includes a variety of devices such as mobile computingdevice 604 that may communicate through a network 606, such as theInternet, with a hosted server system 602. In addition to providingvarious hosted services, such as search engine services, mappingservices, e-mail services, document management services, and the like,the hosted server system 602 may also cooperate with an operating systemon the device 604 so as to manage the operating system on the device604. For example, the operating system on the device 604 may be anoperating system that has a single native application in the form of aWeb browser, and other applications that execute on the device 604 maydo so as Web apps in the Web browser. Such an approach may minimize thenumber of native applications that need to be stored on and managed bythe device 604. In addition, as described here, such an arrangement maysimplify the manner in which the device 604 may be managed by the hostcomputer system 602.

In this example, the device 604 is shown as storing an image 608. Theimage may define what components are persistently stored on the device604. For example, an image 608 may include basic operating systemcomponents beyond the firmware on the device 604, in particularprograms, where a single program may be part of the image of anoperating system on the device that has a single native program in theform of a Web browser. Generally, images may be used to ensure thatmultiple computers have a common baseline of components in them so as toimprove the ability to manage and maintain the operability of suchcomputers. In particular, a company may want a certain number ofsoftware components available to its employees and other components notavailable, so it may define an image and may install that image on theemployees' machines when they are first deployed.

Within this example, the server system 602 cooperates with the device604 and other devices that receive services from the system 602 in orderto maintain or repair images on the devices. As shown in the figure, anumber of particular components may be employed by server 602 inproviding such services. For example, an image interface 610 may beprovided to interact with remote devices like device 604. The imageinterface 610 may, for example, communicate with the devices to verifythat the image on each of the devices is still accurate. For example,where no applications are allowed to be added to a device, such as whenthe only native application is a browser in the additional applicationsare web applications that are not persistently stored, a hash may bemade up from the native components on the device 604, and that hash maybe stored and compared to a subsequent hash that is computed each timethat the device 604 is booted. If the hashes do not match, that mayindicate that the core components for the operating system on the device604 have been compromised. In such a situation, the device 604 may senda message to the image interface 610, which may cause the interface 610to in turn cause other components of the server system 602 to performcertain operations.

For example, an image re-constructor 616 may be programmed to identify,gather, and assemble particular components for an image, which may be areplacement image for device 604. The image re-constructor 616 mayinitially look to an image index 618 to identify the form of an imagethat is supposed to be installed on device 604. For example, aparticular revision number for an operating system may be provided forthe device 604. Alternatively, devices by different manufacturers oruser bases may each have a custom image, though devices in a lineprovided by a single manufacturer may have a common image. Therefore,the image index 618 may be able to receive an identifier for amanufacturer and model of a device or of a company that operates thedevice, and to identify an image that is to be built in response to arequest from such a device (where the image may be built from commoninterchangeable components stored by the system).

In this example, an image may be built up from image fragments. Forexample, certain levels of an operating system may be part of the imageand each level in a modular operating system may be a separate fragmentfor the image. Also, different features in a common level may also beconsidered and stored as separate image fragments. The imagere-constructor 616 or an image updater 614 may use information from theimage index 618, which for example, may map an image identifier to thevarious fragments or components that make up the overall image.

Also, user device maps 622 may perform functions like those previouslydescribed for the image index 618, including by mapping particular usersor user groups, or particular types of machines to particular images.For example, a user of a device may log into system 602, and be providedwith one or more webpages on which the user can select particularcomponents or fragments for the image they would like to have presentedon their device 604. Those components may be saved in association withan identifier for the user, so that subsequent attempts to rebuild theimage can automatically select those components that were previouslyselected by the user.

With an image reconstructed, the image updater 614, in cooperation withan operational interface 612 that may control general operations andcoordination between the components discussed here, may supply anupdated image through the image interface 610 and the network 606 to thedevice 604. The update may include an entire image for the device 604,such as when the device 604 has been wiped accidentally or purposefullythrough the network 606 by the server system 602.

In certain implementations, the server system 602 may be employed toremotely wipe an image from device 604 and in certain instances toreplace the image with a new image. For example, if device 604 isstolen, the system 602 may wipe the image on device 604 and may use anidentifier that may be incorporated into firmware on the device 604 toprevent the device 604 from obtaining an image again. Alternatively, thedevice 604 may be remotely wiped by the system 602 and may then berecovered by the proper owner, so that the server system 602 may thenprovide a new and updated image to the device 604 once the owner hasverified that the device is back in the proper hands.

For example, when the device 604 is initially being booted up, a publickey may be stored in a small read-only segment of the firmware, and thekey may be used to check the kernel on the device 604. The key, or adifferent identifier, such as a hashed version or other hashed version(when the key itself is a hashed version) of one or more of theoperating system components on the device may be checked against thecomponents on the device at the time of booting, such as by running thecomponents through the same hash function that created the originalidentifier. If a match is not made, that may indicate that the device604 has been compromised (because the core code has changed when itshould not have changed) and that someone has attempted to change nativefiles on the device 600 for, such as to turn the device 604 into a botor for other purposes.

A communication interface at a low-level of the operating stack may thenmake a network connection to the server system 602 before the user caninterfere with the boot sequence, and may indicate that a failure in theimage has occurred on the device 604. The server system 602 may then usethe components discussed above to build a new image for the device 604and transfer the new image to device 604. Device 604 may then replacethe potentially corrupted image with the new image, and operate with thenew image, including by completing the compromised image.

The device 604 may also pass the compromised image, or data thatcharacterizes the compromised image, back to the server system 602. Theserver system 602 may then analyze the compromised image in an attemptto determine what caused the compromise. For example, the server system602 may compare the compromised image to compromised images from otherdevices that were assigned the same initial image by the server system602. If a number of matching compromised images are identified, such anidentification may indicate that a coordinated attack has occurred by asingle entity against the devices.

Thus, in the manners discussed here, a remote re-imaging system 600 mayprovide mechanisms for updating a device such as device 604 in aconvenient manner. For example, because the device 604 does notpersistently store much code, frequent updates to an image may provideminimal disruptions to a user of the device 604. Also, the use ofcloud-posted image data, as discussed above, may provide a convenientmanner for wiping particular client devices, and then reimaging themfrom the server system 602. In addition, the server system 602 may beable to store images for a large number of different user devices bysimply using interchangeable components that together make up an entireimage, and then mapping combinations of those components to particulardevices in the user device maps database 622, so as to be able toreconstruct a particular image from a relatively unique combination ofbuilding blocks that are common across all devices or a particular largegroup of devices.

FIG. 7. is a conceptual diagram of a system 700 that provides for remotemonitoring and control of a computing device. In general, the system 700involves a computing device 702, which may be in the form of a portablecomputing device such as a smart phone or tablet computer or laptopcomputer. The computing device 702 may be a device that is loaded with avery light operating system, such as an operating system that has onlyone native application in the form of a Web browser, and wherein otherapplications are provided in the form of Web apps that run on the Webbrowser. As with other devices described above, the device 702 mayinteract through a network 708, such as the Internet, to communicatewith a server system 704 in a desktop computer 706. The desktop computer706 may be a computer that is owned by the same person as the computingdevice 702. For example, a user may have a desktop computer at work orhome, and may use a portable computing device 702 on the road. Thesystem 700 described here may be directed toward providing greatersecurity in a computing device, by making it harder for fraudsters orsimilar people to interfere with the operating system for the device702, and to provide a chance to check for malicious code or content.

One example mechanism for identifying security breaches at an earlystage during the boot process is shown by the example stack in thefigure. The stack in this example is relatively compressed, and includesat its lowest level a BIOS 716, which may be implemented in firmware.The BIOS may perform traditional operations for a BIOS, and may alsoinclude code for establishing a limited network connection with theserver system 704. The limited connection in this example is used toreport nefarious activity from the device 702 to the server system 704(before the boot process has gotten to a level that can be hackedeasily), or from the server system 704 to the device 702. As oneexample, a user may discover that the device 702 has been stolen, andmay log on to the computer system 704 using computer 706. The user maythen request that the device 702 be wiped, shutdown, or that it take apicture of the current user and report a current location of the device702, or other appropriate action. When the device 702 is next booted,the BIOS 716 may notify server system 704 through a message sent by wayof network hardware 718, which may include mechanisms for performingwireless communications. The server system 704 may respond back with astatus message. Normally the status message may indicate that everythingis okay. However since the user has logged in and reported the device702 missing, the server system 704 in this example indicates to thedevice 702 that there has been a problem.

The server system 704, as shown by a return arrow between the network708 and the device 702, may provide instructions for the subsequentoperation of the device 702. For example, the server system 704 mayinstruct the device 702 to take a digital image of a user of the device702, such as when the device 702 senses that someone is typing on thedevice 702. Device 702, having been fully booted up, may upload thepicture automatically and without notifying the current user (presumablya thief). In addition, such image may be accompanied by GPS data thatindicates a current location of the device 702. In this manner,law-enforcement authorities may know where to go to recover the device702, and may also have proof that a particular user was using the device702 while it was stolen.

The remainder of the stack for the booting of device 702 is alsorelatively compact. For example, after a basic security check has beenmade using the BIOS code 716, code for an operating system 714 may beexecuted and basic components of the operating system may be launched.As part of the operating system launch or as part of a similar butseparate action, services 712 may then be opened and made available onthe device 702, and applications 710, such as a dedicated native Webbrowser application for the operating system 714 may be launched.

Security checks may also be performed automatically and periodically,including after a full boot has occurred. For example, a watchdog timer720 may run on the device 702, and may cause security on the device 702to be checked periodically. For example, the stack shown here may be inits own system partition and when it is updated, may have a functionapplied to its code so as to create a hash value. When the watchdogtimer 720 is triggered, a similar hash can be performed to whatever thestack contains at the time, if the operating system is one in which eachof these components is always in the stack and does not change exceptduring an update. The new hash may then be compared to the stored hashfor the stack (Hashes may also be performed on fewer than all thecomponents in the stack). If the value has changed, the server system704 may be notified, and may subsequently send out a signal to thedevice 702 such as to lock down the device, to wipe storage on thedevice 702, to reformat a storage medium on the device, or to performother such operations. The server system 704 may also notify thelegitimate user of the device 702 by a back-up channel such as a workemail or text message notification.

The device 702, in reporting problems to the server system 704, canreport immediately upon discovering a problem or a later time. Forexample, the BIOS 716 may generate an identifier to indicate problemswith the device 702. The BIOS 716 may then allow the other components ofthe stack to be executed so as to make the device 702 fully featured.Once the device 702 is fully booted up, the network hardware 718 may becaused to provide the identifier to the server system 704 so that theserver system 704 knows and understands that the device 702 hasproblems, and so that the server system 704 may send to device 702appropriate messages, such as messages to reboot, and reboot aparticular process or processes, and erase a storage medium on thedevice 702, or to reformat a storage medium on the device 702.

FIG. 8 is a conceptual diagram of a system for providing caching on acomputing device of data that is stored centrally on a hosted computersystem. In general, the system 800 uses storage 808 on a computingdevice 802, to serve as a cache for storage 810 on a server system 804.In such a manner, operation of the device 802 may be made more efficientand speedy by allowing cached data 808 to stay at the device 802 in manycircumstances, and to require a round-trip over a network 806 inrelatively fewer instances, so as to speed up processing. The device 802here may be implemented like other devices discussed above, as having anoperating system for which a Web browser is the only application, andother applications operate as Web apps of the Web browser. Also, thestack discussed for FIG. 7 may be implemented on the device 802.

In the figure, the device 802 is shown storing three particular values:A, B, and C. Similarly, server system 804 is storing two of those valuesin the form of A and B, in a corresponding manner. The server system 804is also storing a value for D. The values for A and B in storage 810 areshown with brackets around them to indicate that those items are“dirty,” and may not be trusted by other devices attempting to accessthe storage 810, because they may have been changed by device 802 instorage 808. Essentially, the server system 804 operates as if thedevice 802 has checked out those values—though if a request is made forthem by another device, the server system 804 may inquire of the device802 to get their latest values and get control of them back from device802. Also, as shown in the figure, only item B has been changed at thedevice 802 from the version of the item that was obtained from theserver system 804, as shown by an apostrophe on item B in storage 808.

While operating, device 802 may perform various operations that resultin values for items A, B, and/or C, being changed. At an appropriatepoint in time, the device 802 may submit such changes to the serversystem 804, which may in turn update the values for the items in storage810. The device 802 may also indicate that it is done using the items,and in response, server system 804 may unmark the items as beingcontrolled types of values in the system 800. In this manner, data maybe cached conveniently between a Web app running on device 802, and adata store for a server system 804.

FIG. 9 is a flow chart of a process for providing delayed locking of acomputing device. In general, the process may execute on a computingdevice that is arranged to delay a passage from an active mode into asecured or locked mode, such as a sleep mode, when a user closes thedevice, such as by closing the cover of a clamshell device or bypressing a button or other component on a tablet device to put it into asecured sleep mode. In this example, a secured sleep mode is one inwhich a user has to enter a password or perform another similaroperation to unlock the device in order to use it again. Generally, sucha device is referred to as being locked because it requires active inputto reactivate, aside from simply turning the device back on.

The delay that is purposely introduced by the process described here mayallow the user to get back into the device within a short time periodafter they indicate that they would like the device to go into a sleepor locked mode, in case the user quickly changes their mind and needs touse the device again before fully putting it into the sleep mode. Wherethe delay is appropriately timed and short, such a delay may introduce aminimal security burden to the process, in that the proper and originaluser is likely to stay near the device throughout the delay period, sothat an interloper cannot take the device before it transitions to alocked mode.

The process begins at box 302, where it begins monitoring a computingdevice to determine whether a user has indicated that it should performa particular action. At box 304, the process receives a user inputregarding a locking time. For example, a user may configure theircomputing device so as to have a delay before changing the device into asleep mode that can vary for particular users. For example, in thisinstance, a user may identify a delay of 9 seconds so as to provide anadequate time for the user to change his or her mind and reestablish anactive state of the device. In response to the users' input regarding adelay time for locking the device, at box 506, the process adjusts alocking time parameter for the device. Such a parameter may bepermanently stored on the device, so that from one session to another,the delay period for locking the device is the same, and the user canbegin to feel comfortable that they will be able to reanimate the devicequickly if the time has not expired.

At box 908, the process identifies that the device has been moved fromthe open configuration to a closed configuration, such as by the userclosing a shell cover on the device to push a power switch on thedevice, or by the user directly pressing a switch to turn off the deviceor move it into a sleep mode. The relevant transition discussed here isa transition that requires substantial user input to return to an activeoperable mode for the device, such that it is more than simply movingthe device from a closed to open configuration that might turn off thescreen but be readily reversible, in that the device is not locked andsubstantial components have not powered down in response to the modechange. Nonetheless, to give the user feedback that their input has beenreceived, a screen on the device may be blanked immediately after thedevice moves from open to closed configuration, even though a delay inmoving the device to a sleep mode that requires substantial user inputto recover from is ongoing.

At box 910, the process starts a shutdown timer that is tied to lockingof the device at the expiration of the time parameter. The timeparameter in this instance is the parameter that was selected by theuser at box 904, and applied by the device at box 906. For example, thedevice may blank the screen and start a 9 second countdown timer as soonas it is closed, but may not move to a different mode until the timerhas expired. Thus, at 912, the process repeatedly checks to determinewhether the time that was set has expired. If it is not expired, theprocess checks, at box 914, whether the device has been opened. If thedevice has been opened, the process returns to monitoring the computingdevice at box 902. Subsequently, a user may set a new time in for thelocking timer, or may again move the device from opened to a closedconfiguration, and thus repeat some or all of the actions discussedhere.

Once the timer does expire, then the process locks the device at box916. Such locking of the device may, in addition to requiring userunlocking input to bring the device back to an active state, alsoinvolve slowing particular processors on the device or removing thepower to them entirely, turning off a display screen, turning off theair circulation fans and other items that draw electrical power, andwaiting for the user to reactivate and unlock the device.

FIG. 10 is a flow chart of a process for managing contextual objects inan operating system. In general, the process involves associatingobjects in an operating system with metadata that describes contextsaround those objects when they were created and/or when they werechanged or otherwise manipulated on a device.

The process begins at 1002, where the object is instantiated in anoperating system. The object may take a variety of forms, and forillustrative purposes here, is a word processing document that may beedited in a word processing application. At box 1004, the processidentifies contextual metadata that defines the state of other openobjects at the time of the initiation. For example, a user may have aWeb browser open to a particular URL, and the process may store anidentifier for the Web browser and for the URL. Such contextual metadatamay be relevant if it indicates that the user was viewing a webpage andthen decided to take notes about the webpage in a word processingprogram. Thus, it may be beneficial to create and store a correlationbetween the webpage URL in a browser application, and the wordprocessing document in a word processing application. And as a result,the contextual metadata is stored at box 1006, and the informationregarding the instantiated object is stored at box 1008.

At box 1010, the object may be closed after a time, such as after a usertypes information into a word processing document and is finishedediting the document, and subsequently a request may be received to openthe object, such as when the user wants to edit the document some more.When the object is reopened, various other applications may be runningat the time, and they may again be relevant to the reason that thisdocument was opened by a user. Again, for example, browsers may be opento topics that are relevant to the user and, by extension, relevant tothe document that is the object.

As a result, and to capture such information, at box 1012, the processupdates contextual metadata with information about the open objectsother than the instantiated object. Thus, the metadata repository forthe object, which may be part of a domain file that represents theobject itself, may be created, added to, and updated as the usercontinually opens, closes, and manipulates the object—where the datathat is added to it represents the context on which the object existedin each circumstance, including as defined by other applications thatwere executing at the same time, and information about what those otherapplications were doing. Thus, at box 1014, the user goes through othercycles of closing and opening the object, and the metadata is updated.

Such contextual meta data may eventually be used, when it is determinedto be sufficiently indicative of a user's intent, to perform automaticactions. For example, when the user opens a document, a system maysimultaneously executed a search to a search engine in a browser and maydisplay the search results with the document—if analysis of thecontextual metadata indicates that the user typically performed thesearch upon opening the document (e.g., if the document tracks stockprices for a company, and the searches on the current price for thecompany so that he or she can cut-and-paste it into the document.).

FIG. 11 is a flow chart of a process for maintaining memory control on acomputing device. The process 1100 may be performed, for example, by asystem such as the system 400. However, another system, or combinationof systems, may be used to perform the process 1100.

Referring to FIG. 11, a process 1100 illustrates the lifecycle of anapplication in the exemplary method for managing potential memoryshortages on a computing device. The method begins at step 1105, wherean application is executed. For example, the operating system may loadan application from persistent memory in response to a user request orat the behest of another application. Next, at step 1110, the system 400determines whether the state of the application has changed. In someimplementations, the application monitor 220 can note when anapplication takes focus, when a new application has been created, orwhen application has been terminated. In an alternative embodiment, inaddition to, or in lieu of, the changes mentioned above, an applicationmanager may monitor user inputs to the system (e.g., key presses, mouseclicks, stylus or finger taps, etc.) to determine when an applicationmay have changed state.

If a change of state is not detected, the method proceeds to step 1115,where the system determines whether a memory shortage exists. If thesystem determines that a memory shortage does exist, the method proceedsto step 1130 discussed below. If, however, a memory shortage does notexist, step 1110 is repeated.

Once a state change is detected, the method proceeds to step 1120. Atstep 1120, state information is generated and stored. Becauseapplications in certain states may be killed at any time, after anapplication monitor detects a state change, the application monitor mayinstruct the application to generate and store state information inpersistent memory. In an illustrative implementation, the stateinformation may include information used to recreate the application asthe application existed before it was terminated. For example, the stateinformation may include, but is not limited to, the location of theapplication's window on the display, any changes to an application filemade by the user, and the user's preferred view mode. Once the stateinformation is generated, the application may store the stateinformation to persistent memory.

After state information is generated and saved, the method proceeds tostep 1115 where the system determines whether a memory shortage exists.If the system determines that memory has run out, the kernel mayinstruct the application terminator to make memory available by killingone or more applications. In an alternative implementation, the kernelmay determine whether memory is becoming scarce. The kernel may detectan imminent memory shortage by comparing memory requests from theapplications with the memory currently available. The kernel may alsodetermine whether the amount of memory available is lower than apredetermined threshold value. When a shortage is detected, the kernelmay take steps to free enough memory to ensure that selectedapplications will have sufficient memory to continue normal operation.

If the system has determined that memory is needed, the method advancesto step 1130 where an application terminator determines if theapplication is the lowest ranked application, i.e., whether theapplication is at the bottom of the application hierarchy. If theapplication is not at the bottom of hierarchy 224, the method returns tostep 1110 where the system monitors the application for a change ofstate. If the application is at the bottom of the hierarchy, the methodproceeds to step 1140, where the application is killed. In someimplementations, the application terminator determines whether theapplication is the last application in a program stack. If so, theapplication and any associated threads are killed.

At step 1150, they system determines if the application should berevived. In an illustrative implementation, if the system detects a userattempt to return to an application that was killed, the method returnsto step 1105 where the application is revived using stored stateinformation. For example, the system may detect attempts by the user toclose or minimize windows overlaying the killed application. Inresponse, the system 400 loads state information for the applicationfrom persistent memory, and uses the stored information to revive theapplication.

If the system 400 does not detect an attempt to interact with the killedapplication, the method returns to step 1150 where the system 400 againdetermines whether to revive the application.

FIG. 12 is a flow chart of a process for providing thread affinity withmessage passing between computer processes. In the in general theprocess is shown here as occurring between to processes that areexecuting on a single computer. For example, the two processes to himand may represent two different applications that are running on adevice and are arranged to be sandboxed from each other so as to protectmemory on the device 41 versus the other application. The process beginsat box is 1202 and 100 for, where each of the processes is instantiated.

At box 106, and after the processes have been running for a time,process eight may determine that it needs action by process be or needsto receive information back from process B. And as a result, at box 106,process eight passes a message with information defining how fast thatprocess be needs to work on the message on the half of process a. Thus,at box Paul Blake, process be receives the message, and separate themain body of the message from the priority information at box 110.Process be then uses the priority information or other information thatmay be passed from process A. with the message to determine how tohandle the message. For example, process a may need a report on thecurrent state of a computer device in order to complete its work, and ifwaiting for information to do that will substantially slow and I′ll letfrom process say that is needed immediately by the user, process may aprovide information telling process be to prioritize its operationsabove all others. Thus, at box Paul hundred 12, process be may changeits focus based on the priority information. For example, if process bewas previously working through a long but not time sensitive process, itmay state save state information for such activity and may put aside itswork on process be intelligent has responded to process eight. In thismanner, processes can communicate back and forth with each other in aconvenient manner and so as to provide more focused responses forrequests that are made through the processes.

FIG. 13 is a flow chart of a process for providing state information ina stateless environment. In general, the process involves trackingchanges in the state of an application such as panes of a web browser orone or more web apps running in a web browser, and passing informationabout those changes to a server system that stores such information. Alater computer that is logged in for the same user may then obtain thestate information from the server system and may recreate the last savedstate accordingly.

The process begins at box 1302, where a user operates a computing devicein a normal manner. The computing device may execute an operating systemthat runs a single native application in the form of a Web Browser, andother applications are run inside the Web browser, such as running asWeb apps. Each pane in the browser and each of the Web apps may besandboxed in its own isolated process for security purposes.

At box 1304, the process periodically or in response to a state changeon the device, saves an image of one or more active DOMs on the device.Such activity may occur when the relevant state is the current status ofa web page, such as whether a user has interacted with active content(e.g., JavaScript-created content) on a Web page. Other stateinformation as an alternative to DOM information or in addition to theinformation may also be saved so as to fully capture the current stateof the device, and of different processes in the device. For example, alist of each of the active processes on the device may be maintained andupdated, and particular parameters that define the current state ofthose processes may also be updated. Such information may, at the sametime or later, be uploaded to a server that is providing information tothe computing device, and the server system may organize the informationso that the last-saved state of the device can be reconstructed later.

At box 1308, a request for such a reconstruction occurs. For example, aboot process for a device that is registered via the server system withthe same user as the first device may reach out to the server systemautomatically to obtain the most recent state information for the useraccount of the registered device. The server system may then accessstored images for the particular device (where a user or group of usersmay define an image for their devices that the devices are to take onautomatically when they are booted). Also, the device may use data thatis associated with components of the image to reconstruct Web pages andother objects to the state they were in when the user last used acomputer that was registered to the user's account with the serversystem, whether the earlier computer and later computer were the same ordifferent from each other.

At box 1314, the process displays the pages and other objects with theirprior saved states intact. In this manner then, a complete or nearlycomplete stat may be recreated for web pages that may have been modifiedby a user after they had been rendered. Such reconstruction may occur onthe same device at a later time, or on different devices, such as whenthe state information is nearly constantly uploaded to a host serversystem.

FIG. 14 is a flow chart of a process that provides imaging for acomputing device across a network. The in general, the process is shownhere as occurring on one or more client devices that communicate with ahosted server system. The particular division of work shown in thisexample is provided for illustrative purposes only and other actions maybe taken by similar components or by different components in differentimplementations. The process shown here generally involves storing imagedata for constructing images that each define how a client device willoperate when it is booted. The images are stored and constructed at acentral hosted server system, and image data is provided to the clientdevices at boot time.

The process begins at box 1402 where multiple different client devicesare operated in ordinary manners by users of the devices. Each of theusers may establish parameters for an image on their particular device,such as at box 1404, and may submit the device images to the hostedserver system which may receive the images at box 1406. For example, theuser may want particular applications (such as Web apps) to be loadedwhen they boot their device, and may want settings on the device set ina particular manner.

At box 1408, the server system compares images for particular devices tostored data at the server system. For example, the server system maystore components that together make up various different images, and maysimply store one copy of each component, and a basic textual or similarfile that maps the components to each of the images for the clientdevices. For example, a binary list of digits may be used to identify anoverall image, were each position in the list may identify a particularcomponent that may or may not be present in a particular image, andwhere the presence of a one in that position for a particular device mayindicate to the server system that the device has the particularcomponent in its image. Thus, for example, at box 1410, the processreplaces portions of the device images with smaller synonyms. In theexample just described, the synonyms may be simple bit values, whereasin other implementations, the synonyms may be alphanumeric identifiersthat are unique for particular components in the system.

At box 1412, the server system saves a reduced size image with a deviceidentifier that points to the device that belongs to the particularimage. For example, the system may store code for particular componentsat one location, and may store a device identifier that is unique for adevice along with the binary stream discussed above and in otherlocation.

At a later date, a particular device may request an image, as indicatedby box 1414, and the server system may access the image for that deviceand expand it, at box 1416. As one example, a device may request animage every time it is booted, and may not store its image locally whenit is off. Such expansion may involve stepping through a binary listlike that discussed above with the server system, and gatheringcomponents where each value in the list is a one rather than a zero.Other techniques for gathering components or otherwise building an imagefor a device may also be used.

At box 1418, the server system transmits the image that it has builtback to the client device, at box 1420 the client device loads the imageand allows the device to be operated fully by a user of the device. Andusing the techniques discussed here, image data may be stored a hostedsystem in a manner in which its size is reduced across the system,particularly when a large number of devices operate with respect to thesystem.

FIG. 15 is a flow chart of a process for providing remote monitoring andcontrol of a computing device. In general, the process provides securityfor a client computing device by conducting security checks at alow-level in an operating system stack so as to reduce the ability ofhackers to get into the stack in a level below a level at which thechecks are occurring.

The process begins at box 1502, where a device is turned on by a user.At box 1504, the device accesses its boot firmware and begins the bootprocess in a familiar manner. The firmware may be part of a bios orother structure on the device. The firmware may also include mechanismsfor wireless transmission between the device and the hosted serversystem, and at box 1506 the process uses such functionality to send amessage to the hosted server system. The message may be treated as arequest to identify a change in circumstances of the device since thelast time the device checked in with the hosted server system. At box1508, the server system receives the message and identifies the deviceand parameters of the device. For example, the hosted server system mayuse a device identifier to determine whether any events relevant to thedevice have occurred, such as the user of the device reporting that thedevice has been stolen and should be locked out or wipe or reformat it.In addition, the identity of the device may be used, as discussed withrespect to FIG. 14, to identify an image for the device and begingathering components for providing the image back to the device forfurther booting of the device.

At box 1510, the server system accesses stored information about thedevice such as that discussed immediately above with respect to reportsby a user of the device and whether the device has been stolen. At box1512, the server system generates and transmits data for actions to beperformed on the device. As discussed with FIG. 14, such actions mayinclude providing an image for the device that is to be executed inbooting by the device. Such actions may also relate to security to beimplemented with respect to the device. For example, if the message thatwas sent by the boot firmware indicates that that part of a stack on thedevice has been changed since the most recent update, the actions to beperformed on the device may include wiping the device or reformatting astorage structure such as flash memory or a hard drive on the device.Similar actions may be performed in response to an external indicationfrom a user of the device that the device has been stolen. Thus, actionson the device may be responsive to information received at boot timefrom the device, or responsive to other information that is not receivedfrom the device, but that is received from an external source such as auser calling in a report.

At box 1514, the client device receives the data and instructions, andat box 1516, the client device uses the boot firmware to process thedata that has been received and/or to execute instructions that havebeen received. Other types of instructions that may be received includeinstructions to report back information about the device so that thedevice can be recovered. For example, the device may take a digitalphoto using an onboard camera in an attempt to capture an image of athief who is using the device, and may transmit back the photo alongwith GPS data that indicates a location of the device, as discussedabove.

FIG. 16 is a flow chart of a process for providing caching on acomputing device of data that is stored centrally on a hosted computersystem. In general, the process indicates how certain data for aweb-based computing device may generally be stored at a hosted serversystem, but may also be cached down onto a client device thatcommunicates with the hosted server system and depends on a hostedserver system for operating applications on the device including Webapps in a Web browser.

The process begins at box is 1602 and 1604, where both the client deviceand the hosted server device store account-based information for thedevice. For example, each device or system may store a user ID for adevice that correlates the device to a particular user account with thehosted server system. At box 1606, the client device requestsserver-side information, and at box 1608 the hosted server systemobtains the requested information and transmits it to the client device.The hosted server system may also store information for identifyingchanges that will be made to the request information in the future. Incertain implementations, the hosted server system may assume that anyinformation that is provided to the client device for editing will beedited, so that the hosted server system may mark or at leastprovisionally mark such data as being dirty when it is passed to theclient device. At box 1612, the client device receives the requestedinformation and in response to user interaction with the client device,it may modify the requested information. At an appropriate time, themodified information is transmitted back from the client device to thehosted server system. Such an appropriate time may be determined by aclock that periodically provides information back to the server system,or by a particular event, such as a user selecting a defined control inan application.

At box 1616, the server system receives the modified information, and atbox 1618, it uses stored information to identify changes to therequested information. For example, the system may compare theinformation that is received back from the client device to theinformation that was previously marked dirty to determine whether anyrelevant changes have been made to the information that was given to theclient device. At box 1620, the server system may replace a subset ofthe information with the updated subset. Thus, for example, where thesystem determines that there is not a match between the dirty data onthe system and the data received back from the client device, the serversystem may insert the changed information from the client device.

FIG. 17 shows an example of a generic computer device 1700 and a genericmobile computer device 1750, which may be used with the techniquesdescribed here. Computing device 1700 is intended to represent variousforms of digital computers, such as laptops, desktops, workstations,personal digital assistants, servers, blade servers, mainframes, andother appropriate computers. Computing device 1750 is intended torepresent various forms of mobile devices, such as personal digitalassistants, cellular telephones, smartphones, and other similarcomputing devices. The components shown here, their connections andrelationships, and their functions, are meant to be exemplary only, andare not meant to limit implementations of the inventions describedand/or claimed in this document.

Computing device 1700 includes a processor 1702, memory 1704, a storagedevice 1706, a high-speed interface 1708 connecting to memory 1704 andhigh-speed expansion ports 1710, and a low speed interface 1712connecting to low speed bus 1714 and storage device 1706. Each of thecomponents 1702, 1704, 1706, 1708, 1710, and 1712, are interconnectedusing various busses, and may be mounted on a common motherboard or inother manners as appropriate. The processor 1702 can processinstructions for execution within the computing device 1700, includinginstructions stored in the memory 1704 or on the storage device 1706 todisplay graphical information for a GUI on an external input/outputdevice, such as display 1716 coupled to high speed interface 1708. Inother implementations, multiple processors and/or multiple buses may beused, as appropriate, along with multiple memories and types of memory.Also, multiple computing devices 1700 may be connected, with each deviceproviding portions of the necessary operations (e.g., as a server bank,a group of blade servers, or a multi-processor system).

The memory 1704 stores information within the computing device 1700. Inone implementation, the memory 1704 is a volatile memory unit or units.In another implementation, the memory 1704 is a non-volatile memory unitor units. The memory 1704 may also be another form of computer-readablemedium, such as a magnetic or optical disk.

The storage device 1706 is capable of providing mass storage for thecomputing device 1700. In one implementation, the storage device 1706may be or contain a computer-readable medium, such as a floppy diskdevice, a hard disk device, an optical disk device, or a tape device, aflash memory or other similar solid state memory device, or an array ofdevices, including devices in a storage area network or otherconfigurations. A computer program product can be tangibly embodied inan information carrier. The computer program product may also containinstructions that, when executed, perform one or more methods, such asthose described above. The information carrier is a computer- ormachine-readable medium, such as the memory 1704, the storage device1706, memory on processor 1702, or a propagated signal.

The high speed controller 1708 manages bandwidth-intensive operationsfor the computing device 1700, while the low speed controller 1712manages lower bandwidth-intensive operations. Such allocation offunctions is exemplary only. In one implementation, the high-speedcontroller 1708 is coupled to memory 1704, display 1716 (e.g., through agraphics processor or accelerator), and to high-speed expansion ports1710, which may accept various expansion cards (not shown). In theimplementation, low-speed controller 1712 is coupled to storage device1706 and low-speed expansion port 1714. The low-speed expansion port,which may include various communication ports (e.g., USB, Bluetooth,Ethernet, wireless Ethernet) may be coupled to one or more input/outputdevices, such as a keyboard, a pointing device, a scanner, or anetworking device such as a switch or router, e.g., through a networkadapter.

The computing device 1700 may be implemented in a number of differentforms, as shown in the figure. For example, it may be implemented as astandard server 1720, or multiple times in a group of such servers. Itmay also be implemented as part of a rack server system 1724. Inaddition, it may be implemented in a personal computer such as a laptopcomputer 1722. Alternatively, components from computing device 1700 maybe combined with other components in a mobile device (not shown), suchas device 1750. Each of such devices may contain one or more ofcomputing device 1700, 1750, and an entire system may be made up ofmultiple computing devices 1700, 1750 communicating with each other.

Computing device 1750 includes a processor 1752, memory 1764, aninput/output device such as a display 1754, a communication interface1766, and a transceiver 1768, among other components. The device 1750may also be provided with a storage device, such as a microdrive orother device, to provide additional storage. Each of the components1750, 1752, 1764, 1754, 1766, and 1768, are interconnected using variousbuses, and several of the components may be mounted on a commonmotherboard or in other manners as appropriate.

The processor 1752 can execute instructions within the computing device1750, including instructions stored in the memory 1764. The processormay be implemented as a chipset of chips that include separate andmultiple analog and digital processors. The processor may provide, forexample, for coordination of the other components of the device 1750,such as control of user interfaces, applications run by device 1750, andwireless communication by device 1750.

Processor 1752 may communicate with a user through control interface1758 and display interface 1756 coupled to a display 1754. The display1754 may be, for example, a TFT LCD (Thin-Film-Transistor Liquid CrystalDisplay) or an OLED (Organic Light Emitting Diode) display, or otherappropriate display technology. The display interface 1756 may compriseappropriate circuitry for driving the display 1754 to present graphicaland other information to a user. The control interface 1758 may receivecommands from a user and convert them for submission to the processor1752. In addition, an external interface 1762 may be provide incommunication with processor 1752, so as to enable near areacommunication of device 1750 with other devices. External interface 1762may provide, for example, for wired communication in someimplementations, or for wireless communication in other implementations,and multiple interfaces may also be used.

The memory 1764 stores information within the computing device 1750. Thememory 1764 can be implemented as one or more of a computer-readablemedium or media, a volatile memory unit or units, or a non-volatilememory unit or units. Expansion memory 1774 may also be provided andconnected to device 1750 through expansion interface 1772, which mayinclude, for example, a SIMM (Single In Line Memory Module) cardinterface. Such expansion memory 1774 may provide extra storage spacefor device 1750, or may also store applications or other information fordevice 1750. Specifically, expansion memory 1774 may includeinstructions to carry out or supplement the processes described above,and may include secure information also. Thus, for example, expansionmemory 1774 may be provide as a security module for device 1750, and maybe programmed with instructions that permit secure use of device 1750.In addition, secure applications may be provided via the SIMM cards,along with additional information, such as placing identifyinginformation on the SIMM card in a non-hackable manner.

The memory may include, for example, flash memory and/or NVRAM memory,as discussed below. In one implementation, a computer program product istangibly embodied in an information carrier. The computer programproduct contains instructions that, when executed, perform one or moremethods, such as those described above. The information carrier is acomputer- or machine-readable medium, such as the memory 1764, expansionmemory 1774, memory on processor 1752, or a propagated signal that maybe received, for example, over transceiver 1768 or external interface1762.

Device 1750 may communicate wirelessly through communication interface1766, which may include digital signal processing circuitry wherenecessary. Communication interface 1766 may provide for communicationsunder various modes or protocols, such as GSM voice calls, SMS, EMS, orMMS messaging, CDMA, TDMA, PDC, WCDMA, CDMA2000, or GPRS, among others.Such communication may occur, for example, through radio-frequencytransceiver 1768. In addition, short-range communication may occur, suchas using a Bluetooth, WiFi, or other such transceiver (not shown). Inaddition, GPS (Global Positioning System) receiver module 1770 mayprovide additional navigation- and location-related wireless data todevice 1750, which may be used as appropriate by applications running ondevice 1750.

Device 1750 may also communicate audibly using audio codec 1760, whichmay receive spoken information from a user and convert it to usabledigital information. Audio codec 1760 may likewise generate audiblesound for a user, such as through a speaker, e.g., in a handset ofdevice 1750. Such sound may include sound from voice telephone calls,may include recorded sound (e.g., voice messages, music files, etc.) andmay also include sound generated by applications operating on device1750.

The computing device 1750 may be implemented in a number of differentforms, as shown in the figure. For example, it may be implemented as acellular telephone 1780. It may also be implemented as part of asmartphone 1782, personal digital assistant, or other similar mobiledevice.

Various implementations of the systems and techniques described here canbe realized in digital electronic circuitry, integrated circuitry,specially designed ASICs (application specific integrated circuits),computer hardware, firmware, software, and/or combinations thereof.These various implementations can include implementation in one or morecomputer programs that are executable and/or interpretable on aprogrammable system including at least one programmable processor, whichmay be special or general purpose, coupled to receive data andinstructions from, and to transmit data and instructions to, a storagesystem, at least one input device, and at least one output device.

These computer programs (also known as programs, software, softwareapplications or code) include machine instructions for a programmableprocessor, and can be implemented in a high-level procedural and/orobject-oriented programming language, and/or in assembly/machinelanguage. As used herein, the terms “machine-readable medium”“computer-readable medium” refers to any computer program product,apparatus and/or device (e.g., magnetic discs, optical disks, memory,Programmable Logic Devices (PLDs)) used to provide machine instructionsand/or data to a programmable processor, including a machine-readablemedium that receives machine instructions as a machine-readable signal.The term “machine-readable signal” refers to any signal used to providemachine instructions and/or data to a programmable processor.

To provide for interaction with a user, the systems and techniquesdescribed here can be implemented on a computer having a display device(e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor)for displaying information to the user and a keyboard and a pointingdevice (e.g., a mouse or a trackball) by which the user can provideinput to the computer. Other kinds of devices can be used to provide forinteraction with a user as well; for example, feedback provided to theuser can be any form of sensory feedback (e.g., visual feedback,auditory feedback, or tactile feedback); and input from the user can bereceived in any form, including acoustic, speech, or tactile input.

The systems and techniques described here can be implemented in acomputing system that includes a back end component (e.g., as a dataserver), or that includes a middleware component (e.g., an applicationserver), or that includes a front end component (e.g., a client computerhaving a graphical user interface or a Web browser through which a usercan interact with an implementation of the systems and techniquesdescribed here), or any combination of such back end, middleware, orfront end components. The components of the system can be interconnectedby any form or medium of digital data communication (e.g., acommunication network). Examples of communication networks include alocal area network (“LAN”), a wide area network (“WAN”), and theInternet.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

A number of embodiments have been described. Nevertheless, it will beunderstood that various modifications may be made without departing fromthe spirit and scope of the invention. For example, much of thisdocument has been described with respect to television advertisements,but other forms of future, viewership-based advertisements may also beaddressed, such as radio advertisements and on-line videoadvertisements.

In addition, the logic flows depicted in the figures do not require theparticular order shown, or sequential order, to achieve desirableresults. In addition, other steps may be provided, or steps may beeliminated, from the described flows, and other components may be addedto, or removed from, the described systems. Accordingly, otherembodiments are within the scope of the following claims.

1. A computer-implemented method for maintaining state in a statelessenvironment, the method comprising: identifying particular keystrokeactions typing characters into a data entry area of a web page; inresponse to identifying each of multiple ones of the particularkeystroke actions, automatically and repeatedly transmitting and savingon a computing system data representing an image of one or more documentobject models (DOMs) for one or more web pages, the data representingthe image including information that has changed in response theidentified particular keystroke actions after the one or more web pageshave been loaded by a first computing device that is separate from thecomputing system, and that have occurred since a prior automatic savingof data; receiving a request to redisplay the one or more web pages on asecond computing device that is separate from the computing system;accessing the image; and using data in the image to cause the one ormore web pages to be reconstructed, including with the information thathad changed in response to the identified particular keystroke actionsand representing data entered by the identified particular keystrokeactions.
 2. The method of claim 1, wherein an image of each of the oneor more web pages is stored as a DOM for a page in addition to changedata for the page.
 3. (canceled)
 4. The method of claim 2, wherein eachof a plurality of web pages is part of a compute process that isseparate from each of the other of the plurality of web pages.
 5. Themethod of claim 2, wherein using data in the image to reconstruct theone or more web pages comprises loading the one or more web pages usingthe stored DOMs for the one or more web pages, and then applying datathat reflects the information that had changed.
 6. The method of claim5, further comprising, for each of the one or more web pages, checking astored DOM against a current DOM at a URL that corresponds to theparticular web page, and generating a warning if the stored DOM does notmatch the current DOM.
 7. The method of claim 6, further comprisingapplying to the current DOM the data that reflects the information thathad changed.
 8. A computer-implemented system for maintaining state in astateless environment, the system comprising: one or more computerprocessors; and one or more tangible computer-readable devices havingstored thereon instructions, that when executed by the one or morecomputer processors, perform operations that implement: a web browser tointerpret mark up code and display web pages that correspond to the markup code; a web page saving application programmed to execute on aprocessor of the computing device to save DOMs for the displayed webpages along with data that reflects information that has changed on theweb pages in response to user interaction with the web pages after theweb pages have been loaded by the computing device, the web page savingapplication saving data to a remote computer system automatically andcontinuously as a user makes changes to the web pages; and a data storethat stores an image that defines the DOMs and the data that reflectsinformation that has changed on the web pages, wherein the web pagesaving application is programmed to save data to the remote computerserver for each of multiple keystrokes identified as occurred to adddata into a data entry area of a web page.
 9. The system of claim 8,wherein the image of each of the one or more web pages is stored as aDOM for a page in addition to change data for the page.
 10. (canceled)11. The system of claim 10, wherein the web page saving application isprogrammed to save DOMs for the displayed web pages along with data thatreflects information that has changed on the web pages, by identifyingchange data for a particular page by analyzing scripting code that iscalled from the particular page.
 12. The system of claim 10, wherein theweb browser is programmed to execute each of the web pages in a computeprocess that is separate from compute processes for each of the other ofthe web pages.
 13. The system of claim 10, wherein the web page savingapplication uses data in the image to reconstruct the one or more webpages by loading the one or more pages using the stored DOMs for the oneor more web pages, and then applying data that reflects the informationthat had changed.
 14. The system of claim 10, wherein the web pagesaving application is programmed to check a particular stored DOMagainst a current DOM at a URL that corresponds to a web page, and togenerate a warning if the particular stored DOM does not match thecurrent DOM.
 15. The system of claim 10, wherein the web page savingapplication is programmed to apply to a current DOM the data thatreflects the information that had changed.
 16. A computer-implementedsystem for maintaining state in a stateless environment, the systemcomprising: a web browser to interpret mark up code and display webpages that correspond to the mark up code; a data store that stores animage that defines DOMs of the web pages and data that reflectsinformation that has changed on the web pages in response to userinteraction with the web pages after the web pages have been loaded bythe computing device; and means for reconstructing the web pages usingthe image, the means for reconstructing arranged to receive data sentautomatically and continuously from the web browser in response to theuser interaction, wherein each of multiple transmissions of data istriggered by each of multiple keystrokes entering data into a data entryarea of a web page.
 17. The system of claim 16, wherein the means forreconstructing the image applies the data that has reflected informationthat has changed on the web pages to the stored DOMs.
 18. Thecomputer-implemented system of claim 16, wherein the web browser isarranged to display each of the web pages using a compute process thatis separate from compute processes for each of the other web pages. 19.The computer-implemented method of claim 1, wherein the first computingdevice and the second computing device are each executing an operatingsystem that allows only one native application, in the form of a webbrowser, to execute in the operating system, and wherein one or moreother applications execute in the web browser.
 20. Thecomputer-implemented method of claim 1, wherein the data representingthe image is saved for each keystroke or mouse click made by a user intothe one or more web pages.
 21. The computer-implemented method of claim1, wherein the data representing the image comprises data representingwhat tabs are open in the web browser, and using the data in the imageto cause the one or more web pages to be reconstructed comprises causingthe tabs that were open in the browser to be reconstructed.
 22. Thecomputer-implemented method of claim 1, wherein the data representingthe image is captured by the computer system continuously and morefrequently than once every 5 seconds.
 23. The computer-implementedmethod of claim 1, wherein the image identifies which applications areto be made available to a user of the first computing device.
 24. Thecomputer-implemented method of claim 1, wherein the first computingdevice and the second computing device are the same device, and themethod further comprises reconstructing the one or more web pages usingimage data stored on the same device.
 25. The computer-implementedmethod of claim 1, wherein the one or more web pages are reconstructedon the second computing device as part of an operating system bootprocess of the second computing device.